A Nuclear Ruse Uncovers Holes In U.S. Security

By ERIC LIPTON

Published: July 12, 2007

Undercover Congressional investigators set up a bogus company and obtained a license from the Nuclear Regulatory Commission in March that would have allowed them to buy the radioactive materials needed for a so-called dirty bomb.

The investigators, from the Government Accountability Office, demonstrated once again that the security measures put in place since the 2001 terrorist attacks to prevent radioactive materials from getting into the wrong hands are insufficient, according to a G.A.O. report, which is scheduled to be released at a Senate hearing Thursday.

''Given that terrorists have expressed an interest in obtaining nuclear material, the Congress and the American people expect licensing programs for these materials to be secure,'' said Gregory D. Kutz, an investigator at the accountability office, in testimony prepared for the hearing.

The bomb the investigators could have built would not have caused widespread damage or even high- level contamination. But it still could have had serious consequences, particularly economic ones, in any city where it was set off.

The undercover operation involved an application from a fake construction company, supposedly based in West Virginia, that the investigators had incorporated even though it had no offices, Internet site or employees. Its only asset was a postal box.

Nuclear Regulatory Commission officials did not visit the company or try to interview its executives in person. Instead, within 28 days, they mailed the license to the West Virginia postal box, the report says.

That license, on a standard-size piece of paper, also had so few security measures incorporated into it that the investigators, using commercially available equipment, were able to modify it easily, removing a limit on the amount of radioactive material they could buy, the report says.

With that forged document, the auditors approached two industrial equipment companies to arrange to buy dozens of portable moisture density gauges, which cost about $5,000 each and are used to read the density of soil and pavement when building highways. The machines include americium-241 and cesium-137, radioactive substances commonly used in industrial equipment. Auditors, convinced they had enough evidence to prove their point, called off the ruse before the devices were delivered.

But if they had gone ahead with the plot -- which would have required extracting the radioactive materials from the machines and combining them, a job that could harm anyone in close contact -- they could have built a bomb that would have contaminated an area about the length of a city block, according to the regulatory commission.

As with any dirty bomb, the resulting low-level contamination would not have presented an immediate health hazard. Still, the area would have to have been evacuated and decontaminated.

Edward McGaffigan Jr., a member of the regulatory commission's governing board, said the agency had taken steps to improve safeguards immediately after learning about the security lapses from auditors. The commission now requires members of its staff to visit any company it is not familiar with before approving a license application. It is also looking for ways to change the license to make it harder to modify or counterfeit, Mr. McGaffigan said.

But he said the danger associated with the amount of radioactive material the auditors were trying to buy should not be overstated. And the operation would have been much more expensive and complicated than pulling off a more conventional attack involving a truck bomb or a chemical tanker truck.

''Why would I not blow up a chemical tanker on a train with chlorine in it or other toxic materials, at a tiny fraction of the cost before doing this very elaborate exercise?'' Mr. McGaffigan said.

A nuclear commission spokesman, David McIntyre, said the agency had not inspected the offices of the bogus company before issuing a license because the portable devices the Congressional auditors were trying to buy are considered a lower-level threat than that posed by more dangerous radioactive materials, which it regulates more strictly.

But Senator Norm Coleman, Republican of Minnesota, who has pushed Congressional auditors to investigate nuclear threats since 2003, said the commission was guilty of playing down the threat.

''The economic and psychological effects of a dirty bomb detonating on American soil would be devastating,'' Mr. Coleman said in a statement Wednesday. ''The N.R.C. has a pre 9-11 mindset in a post 9-11 world focusing just on preventing another Chernobyl.''

The findings by the Congressional auditors are the latest in a series of reports about management and procedural weaknesses at the Nuclear Regulatory Commission that investigators have argued make the nation more vulnerable to a dirty bomb attack. In 2003, auditors first recommended that licenses for radioactive materials not be granted without inspections or other means of verifying that the applicant was legitimate.

In 2006, it recommended that the agency take steps to make sure its documents cannot be forged.

The use of undercover tactics is not a new one for the auditors. They used a similar approach last year when trying to smuggle radioactive materials across the border and investigating how effective the government's protections were against fraudulent efforts to get cash assistance after Hurricane Katrina in 2005.

The most recent investigation did turn up some reassuring news: a second ploy by the auditors to acquire radioactive material was thwarted.

In 34 states, local regulatory authorities handle license applications. In Maryland, the Congressional investigators sent a similar application for a license to buy construction equipment that relied on a radioactive source. But Maryland officials said they wanted to inspect the bogus company's offices and storage yard, so the auditors withdrew their application.